Question:
After setting up an Privileged Identity Manager endpoint how can I verify the client is communicating to the management servers?
Answer:
#1. Check /opt/CA/AccessControl/bin/issec for running processes.
Expected:
[root@Linux ]# issec
CA ControlMinder version 12.8 installed in /opt/CA/AccessControl_128SP0_1432
VeRsIoN: 12.80-0 (1432) Compiled On:Nov 14 2013 23:06:37 Kernel: 2.6.18-8.el5-RH5 _LINUX50ASX86_64.X86_64 STOP 30032
CA ControlMinder kernel extension is loaded.
CA ControlMinder security daemon is running, pid=6583 (security)
CA ControlMinder watchdog daemon is running, pid=6593 (watchdog)
CA ControlMinder agent daemon is running, pid=6586 (agent)
CA ControlMinder serevu daemon is not running.
CA ControlMinder selogrd daemon is not running.
CA ControlMinder selogrcd daemon is not running.
CA ControlMinder eacws daemon is not running.
CA ControlMinder ReportAgent daemon is running, pid=6987 (ReportAgent )
CA ControlMinder AgentManager daemon is running, pid=6459 (AgentManager )
CA ControlMinder policyfetcher daemon is running, pid=6996 (policyfetcher )
CA ControlMinder KBLAudMgr daemon is running, pid=6595 (seagent )
CA ControlMinder auxiliary daemon is not running.
CA ControlMinder AgentManager daemon is running, pid=6466 (/opt/CA/AccessControlShared/bin/AgentManager -watchdog)
Please confirm that the 3 mains demons have started: security, watchdog, and agent. Depending on features the other deamons
#2. cat /var/log/messages | grep Successfully
Expected:
[root@Linux ]# cat /var/log/messages | grep Successfully
Feb 11 15:09:18 Linux AgentManager[6459]: Successfully connected to the Distribution Server ssl://DS_SERVER:7243
Feb 11 15:09:20 Linux AgentManager[6459]: Successfully connected to the Distribution Server ssl://DS_SERVER:7243
Feb 11 15:09:20 Linux AgentManager[6466]: Successfully connected to the Distribution Server ssl://DS_SERVER:7243
Feb 11 15:13:13 Linux ReportAgent: Successfully connected to the Distribution Server ssl://DS_SERVER:7243
You will see AgentManager connections. This confirms that the endpoint is setup to register itself as a AC for PUPM endpoint. (INSTALL_PUPM="yes" in the params file)
If you setup the endpoint to send audit events (ENABLE_ELM="yes" in the parmas file) you will see a ReportAgent connection. If not, then no ReportAgent connection will be seen.
#3. cat /opt/CA/AccessControl/log/policyfetcher.log | grep successfully
Expected:
[root@Linux ]# cat /opt/CA/AccessControl/log/policyfetcher.log | grep successfully
15:13:23@Feb 11 2016 - policyfetcher initialized successfully.
15:13:23@Feb 11 2016 - successfully connected to host "DH__WRITER@DS_SERVER.ca.com"
03:13:23 PM@Feb 11 2016 - successfully sent heartbeat to DH
03:13:23 PM@Feb 11 2016 - successfully reset endpoint events at DH
03:13:23 PM@Feb 11 2016 - successfully connected to host "localhost"
03:13:28 PM@Feb 11 2016 - successfully connected to host "DH__@DS_SERVER.ca.com"
Checking to make sure we can connect to the DH__ (last line) confirms that the endpoint will register itself for policies. This is INSTALL_APMC="yes" in the parms file. It confirms DH_NAME is set correctly.